From: Bijit Hore [bhore@ics.uci.edu]
Sent: Monday, May 24, 2010 1:34 PM
To: Chris Davison
Subject: Executive summary of Privacy

Hi Chris,

Here is the executive summary of the privacy work.

--------

Privacy concerns associated with the infusion of technology into real-world processes arise for a variety of reasons, including unexpected usage and/or misuse for purposes for which the technology was not originally intended. These concerns are further exacerbated by the natural ability of modern information technology to record and develop information about entities (individuals, organizations, groups) and their interactions with technologies – information that can be exploited in the future against the interests of those entities. Such concerns, if unaddressed, constitute barriers to technology adoption or, worse, result in adopted technology being misused to the detriment of society.

Our objective in the project has been to understand privacy concerns in adopting technology from the social and cultural perspective, and to design socio-technological solutions to alleviate such concerns. We have focused on applications that are key to effective crisis management. This resulted in two directions: building /Privacy-aware Observation/ systems and building /Secure Data Outsourcing/ systems.

The observation system consisted of creating a “sentient” space where information about activities of individuals and the state of resources is captured using a variety of sensors. Two distinct application areas were the driving force – a surveillance application and a work-space productivity enhancer (RegionMonitor) application. In the former, the goal is to detect the occurrence of any event out of a set of pre-defined events in the sentient space. The system is geared towards minimizing the risk of non-essential disclosure of the identity of the individuals (i.e., unless there is an explicit requirement for disclosure). The architecture assumed an untrusted server but required the sensors to be trusted and tamper-proof and able to carry out some computation. Therefore, all data remained encrypted on the server and could only be decrypted within the confines of the sensor. We designed a secure communication protocol between the trusted and untrusted components of the system that balances performance and degree of anonymity.

The second system, called the “RegionMonitor”, allows users to pose queries about resources and other individuals in the sentient space and get responses in real time. The goal was to facilitate expressive queries for users as well as give the subjects more control over their privacy. Unlike the surveillance application, here we assumed that the system is trusted. It helps users specify their privacy preferences, which it then balances against the information requirements of other users who pose queries to the system. This presented a new set of challenges in terms of inference control in a more dynamic environment which supported more expressive queries and varying privacy preferences.

In the secure data outsourcing area we concentrated on middleware-oriented models – we considered the problem of confidentiality in standard web applications that manage a variety of privacy-sensitive user data, e.g., document management solutions like Google Docs, schedule-management software like Google Calendar, etc. We implemented a generic privacy middleware that sits between the client and the web service and helps the user manage his/her data privacy. It provides a GUI-based interface for the user to specify privacy preferences and generates the appropriate set of actions to be taken. The middleware is responsible for intercepting all communication between the user and the server and making sure that all privacy policies are suitably implemented. It employs encryption, data perturbation, generalization, and noise-addition amongst other techniques to mask the real content of sensitive data on the server. To recover the information before presenting it to the user, it also needs to maintain the required metadata, like encryption keys, transformation rules, etc. While storing encrypted (perturbed) data on the server is not a problem, it is a challenge to support the typical functionalities offered by the web service. For instance, efficient search and querying on encrypted data on the server becomes challenging. In an application like Google Calendar, if the date of a meeting is hidden away from the server, then how can the server still generate reminders and alerts? The middleware tries to provide a transparent interface to a user which allows him/her to access most features of the web application seamlessly even while enhancing the confidentiality of his/her data, which was not possible in the normal case. The middleware is designed to be a general-purpose, extensible software that can be easily adapted to work with a wide variety of personal data-centric web applications. Efficiency and ease of use for the middleware are two other important criteria that were considered in this work.

We also initiated investigations into a new direction of research where we considered /memory-scraping malware/ as a new breed of attacks on standard databases. While a lot of attention has been paid to data privacy attacks on disk and communication channels, the vulnerability of the unencrypted data sitting in the memory of a server has not been investigated deeply. We study this problem in the context of a typical DBMS where the sensitive data is assumed to be encrypted on disk and decrypted when it is brought into memory. We looked at different classes of queries and processing approaches, e.g., using an index, table scans, queries involving joins and the various join algorithms, etc., and then analyzed them for their vulnerability to main-memory based attacks. Then, we proposed modifications to the query optimization process that generated plans where both disclosure-risk and performance are simultaneously optimized. We implemented these changes into the MySQL-InnoDB query optimizer and carried out extensive tests using the TPC-H dataset to test its feasibility.

------
Ph.D., Computer Science, Associate Specialist (Postdoc), Donald Bren School of Computer Science, University of California, Irvine.
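The calendar question raised in the summary (if the server never sees the meeting date, how can it still issue reminders, and how can it search encrypted data?) is illustrated below with a small client-side privacy middleware. This is an added example and not the project's middleware or any code from the email; it assumes a calendar-like record with title, notes and date, uses an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC as a stand-in for a real AEAD, keyed deterministic tokens for server-side equality search, and ISO-week generalization of the date so the server can still produce a coarse reminder. All keys stay on the client as the "metadata" the summary mentions; the sample events are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class MiddlewareKeys:
    enc_key: bytes     # confidentiality of field contents
    mac_key: bytes     # integrity of what the server hands back
    search_key: bytes  # deterministic tokens for server-side equality search


def derive_keys(master: bytes) -> MiddlewareKeys:
    """Split one master secret into purpose-bound sub-keys (HMAC with labels)."""
    def sub(label: bytes) -> bytes:
        return hmac.new(master, label, hashlib.sha256).digest()
    return MiddlewareKeys(sub(b"enc"), sub(b"mac"), sub(b"search"))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (assumption:
    # a deployment would use an AEAD such as AES-GCM from a vetted library).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(keys: MiddlewareKeys, plaintext: bytes) -> dict:
    """Encrypt-then-MAC; the server stores only this opaque record."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(keys.enc_key, nonce, len(plaintext))))
    tag = hmac.new(keys.mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def decrypt(keys: MiddlewareKeys, blob: dict) -> bytes:
    """Verify the tag before decrypting; a modified record is rejected."""
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    expected = hmac.new(keys.mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(bytes.fromhex(blob["tag"]), expected):
        raise ValueError("record was modified on the server or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(keys.enc_key, nonce, len(ct))))


def search_token(keys: MiddlewareKeys, word: str) -> str:
    """Keyed deterministic token: equal words give equal tokens, so the server
    can answer 'find events mentioning X' without learning X."""
    return hmac.new(keys.search_key, word.lower().encode(), hashlib.sha256).hexdigest()[:32]


def generalize_date(d: date) -> str:
    """Generalization: the server sees the ISO week, not the exact day."""
    year, week, _ = d.isocalendar()
    return f"{year}-W{week:02d}"


def outbound(keys: MiddlewareKeys, event: dict) -> dict:
    """Client -> server: the masked record the web service actually stores."""
    return {
        "id": event["id"],
        "title": encrypt(keys, event["title"].encode()),
        "notes": encrypt(keys, event["notes"].encode()),
        "when": encrypt(keys, event["date"].isoformat().encode()),
        "week": generalize_date(event["date"]),
        "tokens": sorted({search_token(keys, w) for w in event["title"].split()}),
    }


def inbound(keys: MiddlewareKeys, stored: dict) -> dict:
    """Server -> client: restore the real content before showing it to the user."""
    return {
        "id": stored["id"],
        "title": decrypt(keys, stored["title"]).decode(),
        "notes": decrypt(keys, stored["notes"]).decode(),
        "date": date.fromisoformat(decrypt(keys, stored["when"]).decode()),
    }


# What an honest-but-curious server can still do with the masked records.
def server_search(store: list, token: str) -> list:
    return [rec["id"] for rec in store if token in rec["tokens"]]


def server_reminders(store: list, week: str) -> list:
    """Coarse reminders remain possible because the week survives generalization."""
    return [rec["id"] for rec in store if rec["week"] == week]


# Constructed sample input (not real calendar data).
SAMPLE_EVENTS = [
    {"id": "e1", "title": "Budget review", "notes": "bring Q2 figures", "date": date(2010, 5, 24)},
    {"id": "e2", "title": "Dentist", "notes": "insurance card", "date": date(2010, 6, 2)},
]

if __name__ == "__main__":
    keys = derive_keys(b"constructed-master-secret")
    store = [outbound(keys, e) for e in SAMPLE_EVENTS]
    print(server_search(store, search_token(keys, "budget")))  # ['e1']
    print(inbound(keys, store[0])["title"])                    # Budget review
```

The trade-off the summary describes is visible in the record shape: the server can match equality on the keyed tokens and group events by week, but it cannot rank, prefix-search or fire an exact-time alert, and the deterministic tokens leak which events share a word. Those are the functionality and inference costs that a middleware policy has to weigh against the confidentiality gained.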